6.6

CVE-2008-3003

Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2007
MicrosoftOffice Version2007 Editiongold
MicrosoftOffice Version2007 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.67% 0.738
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.6 3.9 9.2
AV:L/AC:L/Au:N/C:C/I:C/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
US Government Resource
http://secunia.com/advisories/31454
Vendor Advisory
http://www.securityfocus.com/bid/30641
http://www.securitytracker.com/id?1020669
http://www.vupen.com/english/advisories/2008/2347
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5951